Clickjacking requires pretty rudimentary programming skills. You can take a couple of college classes and learn all of the skills that you need to implement a fairly successful clickjacking campaign. Just because something is easy, though, doesn’t mean that someone will do it. There has to be some kind of reward, right?

Not surprisingly, the big reward for clickjackers is money.

Symantec Security Response did some research showing that clickjackers can earn as much as $40,000. That’s a lot of money for such a small amount of work.

There are, of course, various ways that clickjackers can make money.

One of the most popular ways is to trick Internet users into filling out online surveys. Survey companies are often willing to pay websites for sending information their way. Each survey doesn’t earn much money at all. A successful clickjacking campaign, however, could potentially trick thousands of people into filling out surveys. The money from those surveys adds up quickly, allowing the clickjacker to earn a good income.

Other clickjacking attacks focus on stealing information from Internet users. These attacks typically install spyware on your computer that allows a hacker to gather information about your activities. That makes it possible for the hacker to access your email account to send out spam. Like online surveys, each piece of spam earns a small amount of money that quickly adds up.

Hackers can also use clickjacked links to install spyware that will capture your personal information. This can allow the hacker to steal your identity, open a credit card in your name, or access your bank accounts.

Last weekend a British pilot died after his plane crashed during a Red Arrow display at the Bournemouth Air Festival. He had family and friends and people who loved him. As far as clickjackers were concerned, though, he mostly had earning potential.

Not long after the crash was reported, a Facebook message started circulating that promised to show video of the accident. Regardless of how compassionate most people are (thousands joined a Facebook group showing support for the pilot’s family), they also have a tendency to stare at car crashes and watch movies like Jackass, where people get hurt in supposedly hilarious ways. They just can’t not look at something spectacular, even when the event was tragic.

Clicking on the video link, however, doesn’t take you to a YouTube video. Clicking on the link does, however, share the message with all of your Facebook pals.

In the typical way, this clickjack gets spread quickly through the Internet. Even if only two people click on the message posted by your account, and then two people click on the messages posted by them, and so on, you quickly get thousands of people falling for the scam. The numbers increase exponentially, so they really get moving once you hit the triple digits.

It’s stunningly heartless for someone to use this tragic event to earn money. I’m sure that some people, however, think that the clickjack victims have gotten what they deserve. They shouldn’t have followed the message in the first place. I think that’s a bit too harsh. Following the message might mean that you’re gullible, but it doesn’t mean that you are a bad person. At least not any worse than the thousands of other people who wanted to see the crash that they had heard so much about.

Fans of Twilight can get a bit… well, fanatical. Give them the opportunity to attend a pre-screening for free, and they’ll do just about anything.

Anything, including fall for a Facebook clickjacking scam.

This specific clickjacking scam spreads through Facebook posts. To win the free tickets, you have to complete a survey. Finish that survey, however, and you’re taken to another one. You might think that you’ll eventually reach those tickets, but you never will. It’s a ceaseless journey that only ends when you get frustrated enough to quit.

By that time, though, it’s probably too late for your friends. That’s because you have shared information about the free tickets with everyone you’re connected to on Facebook. What? You don’t remember that post? That’s because the clickjack did it for you. Now all of your friends can fall victim to the hoax.

To make matters even worse, this scam focuses on young people who, as we all know, don’t always exercise the best judgment when exploring the net. Even parents who keep a close eye on their kids’ Internet usage might not spot this problem. It’s one thing for your kid to access a pornographic or disturbing website from the living room, but it’s quite another to fill out a simple survey. Few parents would even know to wonder whether it could have harmful effects.

Kids might think that they know more about the Internet than their parents. And maybe they do. But they don’t know more than their parents about the ways that scam artists prey on kids. That’s why parents have to make sure their kids know how to stay safe online.

It doesn’t matter whether you love Lady Gaga or hate her, she certainly has an odd charisma that attracts people. That charisma has helped her sell millions of copies of her danceable songs. (Personally, I like the meaning behind her songs much more than I like the music, but I think I’m just a little too old to dig it. If she’d been around in the 80s, though, I probably would have loved her.)

As soon as someone exposes the public to that level of charisma, though, someone else will try to make money from it.

In 2011, that means someone is going to use your fame to clickjack a bunch of people on Facebook.

Over the past couple of days, a message has been spreading through Facebook that claims Lady Gaga was found dead in a hotel room. The message carries a video link that you supposedly click on to watch news footage about her death. As an awesome and disturbing side note, the video has a message that reads “This is the most awful day in the US history.” Forget the strange choice of words (“the US history”?). Who would actually believe that this is a legitimate news broadcast? Come on, it’s obviously not the most awful day in US history… What about the day that John Lennon was killed?

Despite the ridiculous nature of the post, a lot of people have clicked on it. And they got clickjacked, of course. Oh, gullible people so unwilling to read the small print.

Would you like to see video of a large spider living underneath someone’s skin? Personally, I’d pass. Still, I can understand that a lot of people would want to see that video. After all, look at how many people go to see horror movies and throw their necks out of whack as they stare at car accidents.

A morbid sense of curiosity, however, can lead to bad things when you’re on Facebook.

A recent clickjacking attack used the spider video as bait to convince Facebook users (I’m guessing mostly boys and young men) to follow a link. Unfortunately for them, they didn’t get to see a gnarly video. They just got clickjacked, which, in this case, means that the link instructed the Facebook account to post the message on the user’s wall so that her or (again, more than likely) his friends would see it and think “oh man, awesome, I totally want to see some of that nastiness!”

There were numerous messages floating around with this clickjacked link attached. Even a bilingual one in Spanish and English! Some of the examples include:

Una Araña debajo de la piel. A spider under your skin! http://www.youtube.com
Él dice que era una araña bajo la piel, ¿qué dices?. He says there was a spider under the skin what do you say?

Rhodri Marsden, in his article posted on The Independent yesterday, covered some of the ways that today’s culture is influenced by mass media outlets, including television, radio, Twitter, and Facebook. We’ve all become news junkies. But we’re not satisfied to feast on legitimate news. We want more. We even want more after we’ve been thrown chunks of Charlie Sheen and other celebrities, whose lives have nothing to do with our own.

What do we do when we need dessert after gorging ourselves on everything from CNN to News of the Weird? We turn to the least likely sources of legitimate content.

That’s why, according to Marsden (and I think he’s really on to something here), we’re all to blame for clickjacking. Hate clickjackers? Yeah, who doesn’t? But pointing the finger at them without acknowledging that last week you actually followed a link that promised video of “YOU WON’T BELIEVE WHAT THE JONAS BROTHERS DID THIS TIME!”

Call yourself a sucker or a dupe if you want, but don’t expect Marsden to cut you any slack.

When people use social networking sites, they need to understand what they are doing. Otherwise, we have a system that resembles a middle school lunch room. If that’s the best that we can do, maybe human beings should just walk away from computer networks altogether and admit that we have defeated ourselves.

Each time you follow one of those ridiculous links, you bolster the hopes and coffers of clickjackers. That means more clickjacking will happen. Yes, the actual clickjacker is the guy pulling the trigger, but you gave him money to buy the bullets. That makes you at least somewhat responsible.

If you are the lowest of the low, then you spend your time thinking of ways to make money off of the suffering of other people. The way that you manage to earn your disgusting living depends on what type of skills you have. If you are a great motivator or actor, then you might make money by setting up a fake charity that supposedly benefits the families of victims in the recent Oslo tragedy (in case you don’t know, some wingnut shot a whole bunch of people. It was an instance of terrorism that many people didn’t see coming because of the ridiculous blinders that they wear. The shooter wasn’t Muslim. He was a white Christian. It took journalists more than a day to recognize that they were wrong about the man’s religion and ethnicity, but I digress in a serious way…)

If you have a bit of tech experience, then you create clickjacked links to exploit the memories of those killed in Oslo. Perhaps you start a Facebook post that asks for donations to your fake charity, or maybe you hijack a link so that it directs caring people to some stupid survey site that has agreed to pay you money whenever you send someone their way. Or even better yet, maybe you promise video of the shooting, and when people follow the link, they buy items from an online retailer without ever agreeing to such a purchase.

All of these things have happened. If you were behind them, then I hope you never enjoy a single cent that you made from the pain of these people. You’re a cheat. You don’t even have the intelligence to con someone. You just have the rote ability to make an annoying link that benefits you and only you.
